blockdefense.exe - Dangerous

Manual removal instructions:

Antivirus Report of blockdefense.exe: Malware, Dangerous, High Risk
We suggest you remove BlockDefense.exe from your computer as soon as possible.
BlockDefense.exe is a Trojan/Backdoor.
Kill the BlockDefense.exe process and remove BlockDefense.exe from Windows startup.

File: setup.exe
-------------------------------------------------------------------------------------
Classification:
Antivirus      Version        Last Update   Result
Avast          4.8.1335.0     2009.08.30    -
AVG            8.5.0.406      2009.08.30    -
BitDefender    7.2            2009.08.30    -
Comodo         2124           2009.08.30    -
DrWeb          5.0.0.12182    2009.08.30    -
F-Secure       8.0.14470.0    2009.08.30    -
Kaspersky      7.0.0.125      2009.08.30    -
Microsoft      1.5005         2009.08.30    -
NOD32          4382           2009.08.30    -
Symantec       1.4.4.12       2009.08.30    -

Additional information
File size: 48423 bytes
MD5 : 304060fed9a8ba6b0128a999d7c53d58
SHA1 : a6016940a91e177ddd6c9c9e3d82546c5a8fa55f
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys deleted:1
----------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew

----------------------------------
Keys added:9
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockDefense
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions
HKLM\SOFTWARE\BlockDefense
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\0000
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\Security
HKCU\Software\BlockDefense

----------------------------------
Values deleted:0
----------------------------------

----------------------------------
Values added:31
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name: "BlockDefense.exe"
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x42C927D4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\cf: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\tr: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockDefense\DisplayName: "BlockDefense"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockDefense\UninstallString: ""C:\Program Files\BlockDefense Software\BlockDefense\uninstall.exe""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockDefense\NoModify: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BlockDefense\NoRepair: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions\.ini: "notepad.exe ^.ini"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions\.txt: "notepad.exe ^.txt"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions\.wtx: "notepad.exe ^.wtx"
HKLM\SOFTWARE\BlockDefense\Lang: "English"
HKLM\SOFTWARE\BlockDefense\Install_Dir: "C:\Program Files\BlockDefense Software\BlockDefense"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\0000\Service: "BlockDefenseSvc"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\0000\DeviceDesc: "BlockDefense Security Service"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BLOCKDEFENSESVC\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\Type: 0x00000010
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\ImagePath: "C:\Program Files\BlockDefense Software\BlockDefense\BlockDefenseSvc.exe"
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\DisplayName: "BlockDefense Security Service"
HKLM\SYSTEM\CurrentControlSet\Services\BlockDefenseSvc\ObjectName: "LocalSystem"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\50nr6324.exe: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\50nr6324.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BlockDefense: "C:\Program Files\BlockDefense Software\BlockDefense\BlockDefense.exe -min"
HKCU\Software\BlockDefense\CurrentVersion: "771eb5b6f272744584a5567cff88f8a7488db9ff725819bf101e13a05be2b81fa0a1b07e8710a4b241c97b55c9b466298c3486f666dfd2ed819ce519df95b07cbec8852cfbf64087887d3ab4aa2590860751ef0196eb00986cd805f60f292dd71e3468d6ee2dc2042c26b2c4032dc7c0"
HKCU\Software\BlockDefense\AgentsSettings: 0x00000001

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:736
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\50nr6324.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ewx0az47.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsProcess.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsSCM.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy3.tmp\time.dll
C:\Documents and Settings\All Users\Desktop\BlockDefense.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\BlockDefense\1 BlockDefense.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\BlockDefense\2 Homepage.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\BlockDefense\3 Uninstall.lnk
C:\Program Files\BlockDefense Software\BlockDefense\BlockDefense.exe
C:\Program Files\BlockDefense Software\BlockDefense\license.txt
C:\Program Files\BlockDefense Software\BlockDefense\uninstall.exe
C:\WINDOWS\system32\10161virzs9c95.dll
C:\WINDOWS\system32\10aback59oz2493.exe
C:\WINDOWS\system32\10z469acktool2a5.bin
/.../
C:\WINDOWS\10014zpa95ot3f8.cpl
C:\WINDOWS\104z9spy3975.bin
C:\WINDOWS\10789ha5kto9l7zc.dll
C:\WINDOWS\10789zac9too52b9.ocx
/.../
----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:5
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy3.tmp
C:\Documents and Settings\All Users\Start Menu\Programs\BlockDefense
C:\Program Files\BlockDefense Software
C:\Program Files\BlockDefense Software\BlockDefense

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:782
----------------------------------

-------------------------------------------------------------------------------------
Internet activity:
HTTP GET http://www.blockdefense.com/downloader.p...
HTTP GET http://www.blockdefense.com/downloader.p...
HTTP POST http://www.blockdefense.com/report
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: BlockDefenseSvc
Author:
Related File: C:\Program Files\BlockDefense Software\BlockDefense\BlockDefenseSvc.exe
Type: Auto Services

Item Name: 50nr6324.exe
Author: Microsoft Corporation
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\50nr6324.exe
Type: Registry Run

Item Name: BlockDefense
Author: AntiSpy Software
Related File: C:\Program Files\BlockDefense Software\BlockDefense\BlockDefense.exe -min
Type: Registry Run

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove blockdefense.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company, and you can ask me directly if you have any questions.
